Allbridge Loses Half a Million in Flash Loan Attack

Multichain token bridge Allbridge offered the hacker behind a $573,000 attack a chance to come forward as a white hat and get a prize, CoinTelegraph wrote. Blockchain sleuth Peckshield first reported the exploit on April 1.

BNB Chain pools were drained

The security firm tweeted a warning to the bridge that the swap price of its BNB Chain pools was being manipulated by an entity acting as a swapper and a liquidity provider. The individual drained the pool of $290,868 in Tether (USDT) and $282,889 in Binance USD (BUSD).

After the attack, Allbridge offered the hacker a bounty and the chance to avoid legal repercussions. The bounty amount was not reported. The token bridge asked the attacker to contact it via Telegram or Twitter in order to “consider this a white hat hack and discuss the bounty in exchange for returning the funds.”

Can they track the exploiter down?

The token bridge also tweeted it was tracking the attacker and the stolen funds down as efficiently as possible with the help of its community and partners. It is monitoring social networks, transactions, wallets, and linked accounts on centralized exchanges.

Bridge protocol was suspended

The protocol is working with law enforcement, legal firms, and other projects affected by the attack. Allbridge suspended its bridge protocol temporarily to stop its other pools from being exploited. They will restart it when they have patched the vulnerability.

Anatomy of the hack

CertiK identified the exploit as a flash loan attack in an April 1 post. They explained the hacker took out a flash loan of $7.5 million in BUSD, then launched a series of swaps for Tether. Then, he made some deposits on Allbridge’s BUSD and USDT liquidity pools.

This made it possible to manipulate Tether’s price in the pool and the cybercriminal was able to exchange BUSD worth just $40,000 for Tether worth $789,632.